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Abstract 

This paper presents a new fast public key cryptosystem namely : a key exchange algorithm, 
a public key encryption algorithm and a digital signature algorithm, based on the difficulty to 
invert the following function : F{x) = (a x x)Mod(2P)Div(2'^) . 

Mod is modulo operation , Div is integer division operation , a , p and q are integers where 

{p> q) ■ 

In this paper we also evaluate the hardness of this problem by reducing it to SAT . 

Keywords : key exchange, public key encryption, digital signature, boolean satisfability problem, 
Multivariate polynomials over F(2) . 

1 Introduction : 

Since its invention by Withheld Difhe and Martin Heilman [1] , Public key cryptography has 
imposed itself as the necessary and indispensable building block of every IT Security architecture. 
But in the last decades it has been proven that public key cryptosystems based on number theory 
problems are not immune againt quantum computing attacks [3]. The advent of low computing 
ressources mobile devices such wirless rhd sensors, smart cellphones, ect has also put demands on 
very fast and lightweight public key algorithms . 

Public key cryptosystem presented in this paper is not based on number theory problems and is 
very fast compared to Diffie-Hellman [1] and RSA algorithms [2]. It is based on the difficulty to 
invert the following function : F{x) = (a x x)Mod{2^)Div{2^) . 

Mod is modulo operation , Div is Integer division operation , a , p and q are known integers where 
{p > q) ■ In this paper we construct three public key algorithms based on this problem namely a 
key exchange algorithm, a public key encryption algorithm and a digital signature algorithm. 

We prove its efficiency compared to Diffie-Hellman and RSA, and that the underlying problem can 
be a hard SAT instance [4] or a equations set of multivariate polynomials over F(2) . 
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2 Secret key exchange algorithm : 


Before exchanging a secret key, Alice and Bob shared a knowledge of : 

Integers [ I, m, p, q, r, Z ] satisfying following conditions : 
q = l + m — p,p>m + q + r,Z is I bits long. 

To exchange a secret key ; 

- 1 Bob chooses randomly a integer X. [ A ] is m bits and a private knowledge of Bob. 

- 2 Computes number U = {X x Z)Mod{2P)Div{2^) , and sends it to Alice. 

- 3 Alice chooses randomly a integer Y. [ T ] is m bits and a private knowledge of Alice. 

- 4 Computes number V = {Y x Z)Mod{2P)Div{2^) , and sends it to Bob. 

- 5 Bob computes number Wa = {X x V)Mod{2P~^)Div{2'^~^'^). 

- 6 Alice computes number Wh = (T x U)Mod{2^~‘^)Div{2'^^'^). 

Our experiments shows us that Pr\Wa = II4] = 1 — 0.3 * 2“'’. 

If Bob and Alice chooses r great enough say superior to 128, Pr\Wa ^ II4] will be negligible, 
they can use then this protocol as a key exchange algorithm 

Secrete key exchanged is the number : 

W = {Xx V)Mod{2^P-^y)Div{2^+'^) = {Y x U)Mod{2^P-^'>)Div{2^+^) 

A python implementation of this algorithm is provided in Appendix A 
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3 Public key encryption algorithm : 


3.1 Encryption : 

In order to send a encrypted message to Bob, Alice performs the following steps ; 

-1 She gots his public key composed by integers [ I, m, p, ( 7 , r, Z, [/ ] , satisfying ; 
q = l + m — p, p>m + q + r,U = {Xx Z)Mod{2P)Div{2‘i), Z is I bits long. 

[ X ] is the m bits long private key of Bob. 

- 2 She chooses randomly a integer Y which is m bits long . 

- 3 She computes number V = (Y x Z)Mod{2P)Div{2‘^), then the secret key 

W = {Y X U)Mod{2P-i)Div{2^+''). 

- 4 She encrypts with secret key W her plaintext and sends corresponding ciphertext 

and number V to Bob. 

3.2 Decryption : 

In order to decrypt the ciphertext recieved from Alice, Bob performs the following steps : 

- 1 With his private key X and number V recieved from Alice, 

he computes secret key W = {X x V)Mod{2P~'^)Div{2^~^''). 

- 2 With secret key W, he decrypts the ciphertext recieved from Alice. 
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4 Digital signature Algorithm : 


Bob’s public key is composed by integers [ I, m, p, q, r, Z, U ] , satisfying : 
q = l + m — p,p>l + q + r,U = {Xx Z) Mod{2P) Div{2^), X is m bits whereas Z is I bits long. 

4.1 Signature : 

In order to sign a Message Msg, Bob performs the following steps : 

- 1 He chooses randomely an m bit long integer Y. 

- 2 Hashes Msg by a hash function HF and gets a digest H which length in bits is the same 

as elements Z of his public key . with his private key [X], he computes : 

51 = (y X Z)Mod{2P)Div{2i) and S2 = {H x {X + Y))Mod{2P)Div{2^) 

- 3 Sends Message Msg and signature (51,52) to Alice. 

4.2 Verification : 

In order to verify that Message Msg is sent by Bob, Alice performs the following steps : 

- 1 She gots his public key. 

- 2 Hashes Msg by HF and gets a digest H which the length in bits is I the same as Zs. 

- 3 From digest H, signature (51, 52) and the elements [ p, q, I, U, Z ] of Bob’s public key. 

She computes Wa = {Hx{Sl+U))Mod{2P-<i)Div{2^+^) and 1F6 = {ZxS2)Mod{2P-P)Div{2^+^). 

- 4 Compares IFa to Wb , Msg is sent by Bob if IFa = Wb 

A python implementation of this algorithm is provided in Appendix B 
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5 Efficiency : 


The key exchange algorithm presented in this paper can be realised by a multiplication circuit 
where some leftmost and righmost output bits are discarded, meaning that it has a time complexity 
of O(n^). In comparaison to standardised key exchange algorithms such as Diffie-Hellman in the 
multiplicatif group or RSA whose time complexities are O(n^), under the same security parameters, 
presented key exchange algorithm is 0(n) time faster. 

The same can be said about presented public key and digital signature algorithms since they are 
basically applications of the key exchange algorithm. 

6 Security : 


The Security of presented public key cryptosystem is based on the difficulty of finding X and Y 
while knowing Z, I, m, p, q, r, U = {X x Z)Mod{2^)Div{2’^), V = {Y x Z)Mod{2P)Div{2^) 

I + m = p + q, p > m + q + r, Z \s I hit long , X and Y are m bits. 

To get X from U and Y from V, a attacker should : 

1 - Invert F{X) = U = {Z x X)Mod{2P)Div{2^) 

2 - Invert F{Y) = V = {Z x Y)Mod{2P)Div{2^). 

Puting it otherwise, presented public key cryptosystem is based on the difficulty to invert the fol¬ 
lowing function : 

F{x) = y = {a X x)Mod{2P)Div{2^). 

a, X, p and q are known integers, while a and x are respectively n and m bits long, (n > m) and 

{p> q) . 

At first glance we can notice that it is easy to verify a solution but it is difficult to find one, implying 
that this problem is in NP. 

In our knowlege it has never been mentioned in the literature. In subsequent section we will reduce 
it to SAT in order to evaluate its hardness. 
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6.1 Hardness evaluation : 


Let A, X, Y, n, m be integers where A, X are rescpectively n and m bits long {m < n). 

The binary representation of A is a(„_i)...a(j_|_i)a(j)...a(o)- 
The binary representation of X is ■ 

The binary representation of Y is y(n+m-i)-y{i+i)y(i)-y(o) ■ 

Y is the arithmetic product of A and X, Y’s bits in function of A’s bits and A’s bits can be 
translated by the following set of algebric equations (1) : 

Co = 0 

For ( j = 0 to m — 1 ) : 

j i-i 

Vj = ((E X Xi) + Cj)Mod{2) and c^+i = (( E a(i-i) x Xi) + Cj)Div{2) 

i=0 2=0 

For (j = m — Iton — 1): 

m—1 m—1 

Vj = (( E %-i) X Xi) + Cj)Mod{2) and Cj+i = (( E %-i-i) x Xi) + Cj)Div{2) 

i=0 i=0 

For (j = n — 1 tom + n — 1 ) : 

m—1 m—1 

Vj = (( E ay-i) X Xi) + Cj)Mod{2) and cj+i = (( E x Xi) + Cj)Div{2) 

i=j—n-\-l i=j—n 

Cj is the retenue bit of multiplication product (Y = A x X) at column j. 

In our problem we have as unknowns bits Yq^^ and (1) become then following set of 

algebric equations (2) : 

For {j = q to m — 1): 

j i-i 

Vj = (( E X Xi) + Cj)Mod{2) and cj+i = (( E x Xi) + Cj)Div{2) 

2=0 2=0 

For (j = m — Iton — 1): 

m—1 m—1 

yj = (( E a(i-i) X Xi) + Cj)Mod{2) and Cj+i = (( E “O-i-i) x Xi) + Cj)Div{2) 

2=0 2=0 
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For {j = n—1 to p): 

m—1 m—1 

Vj = (( E «0-i) X Xi) + Cj)Mod{2) and Cj+i = (( E x Xi) + Cj)Div{2) 

i=j—n 

Set of algebric equations (2) can be translated to following set of logical equations (3). 

If (j ^ ?Tr) Cj j xq^ 

If (tTT ^ j) Cj Fj {Xfn , ; ^(/c); *• *? ^0; — ) 

Af=q{{®i=o{a(^j-i) /\Xi)®Cj) = yj) = true 
A'j=mii®i=j-miaij-i) Xi) © Cj) = Vj) = true 
A Xi) © Cj) = Vj) = true 

Notice this set of logical equation is practicaly the same set resulting from reducing FACT to SAT, 
In paper [9] Authors had suggested to use FACT as a source of Hard SAT Instances, moreover SAT 
Solvers to this day are still inefficient in solving this sort of SAT instances. 

Every logical function can be realised by nands gates , if we replace -iXj by (1 — Xj) , ( A Xj ) 
by ( Xj X Xj ) (3) can also be translated to following set of multivariate polynomials equations : 

If ((7 < j < — 1) : 

3 

Vj = ((E ao-i) X Xi) + Fj{xo, ....Xm))Mod{2) 

2=0 

If (m — I < j < n — I) : 

m—1 

Vj = (( E a{j-i) X Xi) + Fj{xQ, ....Xm))Mod{2) 

2=0 

If (n — 1 < j < p) : 

m—1 

Vj = (( E ay-i) X Xi) + Fj{xo, ....Xm))Mod{2) 

Where Fj’s are multivariate polynomials corresponding to carries Cj 

Summing it up, to break presented public key cryptosystem one had to solve SAT instances re¬ 
sulting from logical equations containing lot of Xors which is not that evident if the number of 
unknown bits are high enough [6]. 

Or solve sets of multivariate polynomials equations over F(2) with degrees superior or equal to 
parameter q. 


7 



7 Conclusion , open question and future work : 


In this paper we have presented a new fast public key cryptosystem based on the difficulty of in¬ 
verting the following function : F{x) = (a x x)Mod{2P)Div{2^) . 

Mod is modulo operation , Div is integer division operation , a , p and q are known integers where 
{p> q) ■ 

We have proved its efficiency compared to Diffie Heilman and RSA cryptosystems. We have also 
proved that its security is based on a new problem that can be viewed as a hard sat instance or a 
set of multivariate polynomial equations over F(2) . 

The fact that its security is not based on number theory problems is also a proof of its resistance 
against current quantum computing attacks [3]. 

The last decade have seen a enormous progress of SAT Solvers but they are still inefficient in solving 
logical statements containg a lot of xors which is the case of our problem [5] [6] [7]. 

SAT is NP complete, meaning that solving it can take exponential time. It is has been found that 
the hardest instances of a SAT problem depends on its constraindness which is defined as the ratio 
of clauses to variables [8]. 

This lead us to ask what forms should have the integers composing public parameters of our PKCS 
in order to produce hard SAT instances even to a eventual SAT Solver that have not problems with 
xor clauses. 


Recently we have found a way to build public key cryptosystems based on the difficulty of inverting 
the following function : F{x) = (a x x)Mod{lf)Div{b'^) . 

Mod is modulo operation , Div is integer division operation , a , b , p and q are known integers 
where {p > q) ■ 

This work will be the subject of a future paper. 
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8 Appendix A : 


Following python script is a ” practical ” proof of correctness of key exchange algorithm presented 
in this paper, (pycrypto library is needed ) 


import sys 

from Crypto.Util.number import getRandomNBitInteger 

def ModDiv(A,B,C) ; 
return (A % B ) // C 

1 = sys.argv[l] 
m = sys.argv[2] 
p = sys.argv[3] 
q = sys.argv[4] 
r = sys.argv[5] 

try; 


1 = int(l) 
m = int(m) 
p = int(p) 
q = int(q) 
r = int(r) 

except ValueError; 

print (’Invalid Arguments’) 

ifm + q + r>p: 

print (””) 

print (’’Public Parameter 1 = %d” %1) 
print (’’Public Parameter m = %d” %m) 
print (’’Public Parameter p = %d” %p) 
print (’’Public Parameter q = %d” %q) 
print (’’Public Parameter r = %d” %r) 
print (””) 

print(’Condition (p > m + q + r) is not fulfilled !’) 
else : 


” Size in bits of public pararameter Z is 1 ” 
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Z = getRandomNBitInteger(l,randfuiic=None) 


” Size in bits of private parameters X and Y is m ” 

X = getRandomNBitInteger(m,randfunc=None) 

Y = getRandomNBitInteger(m,randfunc=None) 

M = pow(2,p) 

Ml = pow(2,p-q) 

D = pow(2,q) 

D1 = pow(2,m+r) 

” If r = 0, In 30 % percents, the keys computed by Alice and Bob are not identical : ” 
” Wa = IY6± 1, this is due to bit carry propagation, if r is increased by one ” 

” the probability that Wa is diffrent to Wb is devided by two. ” 

U = ModDiv(Z*X,M,D) 

V = ModDiv(Z*Y,M,D) 

Wa = ModDiv(U*Y,Ml,Dl) 

Wb = ModDiv(V*X,Ml,Dl) 

print(””) 

print(” Public Parameters :”) 
print(”===================”) 

print(””) 

print (’’Public Parameter 1 = %d” %1) 
print(” Public Parameter m = %d” %m) 
print(” Public Parameter p = %d” %p) 
print(” Public Parameter q = %d” %q) 
print(” Public Parameter r = %d” %r) 
print(” Public Parameter Z = %d” %Z) 
print(””) 

print (’’Private Parameters :”) 
print(”====================”) 

print(””) 

print(” Alice Private Parameter X = %d” %X) 
print(”Bob Private Parameter Y = %d” %Y) 

print(””) 
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print (’’Shared Parameters ;”) 
print (”============= 

print (””) 


print (’’Parameter shared with Bob by Alice U = %d” %U) 
print (’’Parameter shared with Alice by Bob V = %d” %V) 

print (””) 

print (’’Exchanged Secret Key :”) 
print(”======================”) 

print (””) 

print (’’Secret key computed by Alice Wa = %d” %Wa) 
print (’’Secret key computed by Bob Wb = %d” %Wb) 

print (””) 

sys.exit 


You can download this script from ; https : //github.com/Crypticator/ModDiv/blob/master/Kex.py 
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Following python script is a ” practical ” proof of correctness of digital signature algorithm pre¬ 
sented in this paper, (pycrypto library is needed ) 


import sys 

from Crypto.Util.number import getRandomNBitInteger 

def ModDiv(A,B,C) ; 
return (A % B ) // C 

1 = sys.argv[l] 
m = sys.argv[2] 
p = sys.argv[3] 
q = sys.argv[4] 
r = sys.argv[5] 
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try; 


1 = int(l) 
m = int(m) 
p = int(p) 
q = int(q) 
r = int(r) 

except ValueError: 

print (’Invalid Arguments’) 

ifm + q + r>p: 

print (””) 

print (’’Public Parameter 1 = %d” %1) 
print (’’Public Parameter m = %d” %m) 
print (’’Public Parameter p = %d” %p) 
print (’’Public Parameter q = %d” %q) 
print (’’Public Parameter r = %d” %r) 
print (””) 

print(’Condition (p > m + q + r) is not fulfilled !’) 
else : 


” Size in bits of public pararameter Z is 1 ” 

Z = getRandomNBitInteger(l,randfunc=None) 

” a hash value of a hypothetical file ” 

H = getRandomNBitInteger(l,randfunc=None) 

” Size in bits of private parameters X and Y is m 
X = getRandomNBitInteger(m,randfunc=None) 
Y = getRandomNBitInteger(m,randfunc=None) 

M = pow(2,p) 

Ml = pow(2,p-q) 

D = pow(2,q) 

D1 = pow(2,l+r) 

U = ModDiv(Z*X,M,D) 

51 = ModDiv(Z*Y,M,D) 

52 = ModDiv(H*(X+Y) ,M,D) 

Wa = ModDiv(H*(Sl+U),Ml,Dl) 

Wb = ModDiv(Z*S2,Ml,Dl) 
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print (””) 

print(”Public Parameters :”) 
print(”===================”) 

print (””) 

print (’’Public Parameter 1 = %d” %1) 
print (’’Public Parameter m = %d” %m) 
print (’’Public Parameter p = %d” %p) 
print (’’Public Parameter q = %d” %q) 
print (’’Public Parameter r = %d” %r) 
print (’’Public Parameter Z = %d” %Z) 
print (’’Public Parameter H = %d” %H) 
print (””) 

print (’’Private Parameters :”) 
print(”====================”) 

print (””) 

print (’’Private key X = %d” %X) 
print (’’Ephemeral key Y = %d” %Y) 

print (””) 

print (” Signature:”) 
print (” ==========”) 

print (””) 

print(”Sl = %d” %S1) 
print(”S2 = %d” %S2) 

print (””) 

print (’’Verification :”) 
print(”==============”) 

print (””) 

print (”Wa = %d” %Wa) 
print (”Wb = %d” %Wb) 

print (””) 

sys.exit 


You can download this script from ; https : / /github.com/Crypticator/ModDiv/blob/master/moddiv/Sig.py 
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